Natural Grocers Reports Cardholder Data Breach

The company believes the incident has been contained and is working with law enforcement to investigate. So far, Natural Grocers is not aware of any fraudulent use of customer personal information or card data. The company does not believe personally identifiable information such as names, addresses or Social Security numbers was compromised. Only the data on the payment card would have been accessible to the attackers.

However, according to the respected security blog site krebsonsecurity.com, “Sources in the financial industry tell KrebsOnSecurity they have traced a pattern of fraud on customer credit and debit cards suggesting that hackers have tapped into cash registers at Natural Grocers locations across the country.”

The attackers are believed to have breached Natural Grocers in late December 2014 by exploiting weaknesses in the company’s database servers. They went on to install malware to compromise the company’s point-of-sale (POS) systems and retrieve card data.

The company said it was accelerating plans to upgrade the point-of-sale system in all 93 of its store locations with a new PCI-compliant system that includes point-to-point encryption and new PIN pads that accept “chip and PIN” cards.